An HOA (home owners associations) can say what color you can paint your house, What you can plant in your yard, What you can have in your driveway, and some even say what color your blinds can be.
Microsoft controls your computer, they say what info is sent back to Microsoft, and they say when you must upgrade. They can shut down your computer when they want whether you like it or not.
You trust their repos.
With every apt update, they could push whatever code they want onto your PC.
Same as with literally any binary-based OS.
Not sure why you specify binary-based OS’s. Following Gentoo’s upgrade guide also gets you potentially whatever they want on your systemp
Someone definitely reads the changed code of Gentoo packages. You are saying that every operating system on the planet is untrustworthy, besides gentoo and a few other source-based distros, but let’s target Ubuntu in particular.
That’s not what I’m saying.
I’m saying you need to trust the people making your OS cause no way in hell is anyone else able to audit every update they push.
Whether your OS is trustworthy depends on their history. In that regard, I’d give Ubuntu a solid B-
Fair enough
How does that work, exactly? I don’t actually know. Are they compiling their own copies of the upstream code changes?
Yes, they’re taking the source code from upstream, modifying (“patching”) it, compiling it, then uploading their compiled binaries to the Ubuntu repo where your system downloads them during an update.
You can technically download the source code as well, if you activate the source repo. But hardly any end user does. And the source code you get doesn’t compile to the same binary you get from the repo anyway. (This would be called a “reproducible build”. Some distros try to be reproducible. Ubuntu doesn’t, they have other priorities.)
Thank you. That makes sense why some downstream distros designed for specific purposes (e.g. gaming) might include a handful of their own repos for specific software.